Cannot ssh to a cisco pix

[jvalenzuela]

Hello

I have already changed a SmartConsole over Solaris to Secure Platform. Before this change, we were able to access a Cisco Pix via telnet. Since SP does not have telnet we tried to access using ssh(this is allowed on the pix) but we are not able to. I got the following information with the debug option.

[Expert@console]# ssh -v 192.168.6.11
OpenSSH_3.6.1p2, SSH protocols 1.5/2.0, OpenSSL 0x0090701f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: Connecting to 192.168.6.11 [192.168.6.11] port 22.
debug1: Connection established.
debug1: identity file /root/.ssh/identity type -1
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: Remote protocol version 1.5, remote software version Cisco-1.25
debug1: no match: Cisco-1.25
debug1: Local version string SSH-1.5-OpenSSH_3.6.1p2
debug1: Waiting for server public key.
debug1: Received server public key (768 bits) and host key (1024 bits).
debug1: Host '192.168.6.11' is known and matches the RSA1 host key.
debug1: Found key in /root/.ssh/known_hosts:3
Selected cipher type <unknown> not supported by server.
debug1: Calling cleanup 0x8062240(0x0)
[Expert@console]#

Any idea to solve this problem?

[chillyjim]

'Tis an old PIX supporting only DES encryption and not 3DES. It's also running SSHv1. You should upgrade into at least the latter 6.3 PIX code and get a 3des license for it (I assume upgrading the PIX to an UTM-1 isn't an option you)

[jvalenzuela]

I thought it was something about the encryption. However, I'm not the PIX administrator. I just can suggest the upgrade.

I'll try using DES encryption.

Thx

Jorge